AFCEH EXAM KIT

How can you perform DNS poisoning?

DNS Zone transfer


Why do you think the Trace route tool was originally developed

To pinpoint the the exact position in the network where there was a problem


What does a data packet with the RST flag turned ON represent?
Want to reset connection

IF you create a data packet with an infinite TTL value and send it to your friend’s computer. What will happen to the packet?
The data packet will reach the target computer

Imagine the scenario where you send a Fin data packet to a particular port on the target system. If the target system sends back an error message, what does it mean?
Cant say without know the Operating System Information

Which error message does the ICMP data packet with type = 3 and code = 8 represent?
Source host isolated

If you ping a particular IP address on thr internet multiple times, will the TTL values displayed in the output always remain the same
No

Which Social engineering technique is mostly likely to work against a young, female call center employee working in a bank
Intimidation

What kind of Honeypot would you recommend a bank should use
Low involved honeypot

Perform a whois quer on the DBS bank of Singapore website (www.dbs.com.sg)
6, shenton way, Singapore

How o you bypass the bios password on a laptop (not desktop)
Default password

On google search you type the search string “Failure”. Ten you press the button “I’m feeling lucky” you land on the page of the “Biography of president George W. bush” what does it mean?
The search string has placed the page on the top of the search list

Are switching network vulnerable to sniffers?
No

You have Norton antivirus installed on your system. You scanned a trojan file and after altering the signature found that it is not being detected by Norton Now you send it to the victim where where it  was caught by the antivirus what could be the possible explaination
The victim is using the some other antivirus

what is the role of checksums in Tcp/IP?
It checks integerty of data

In which country is the website www.abc.kh located?
Cant say

How many ports are open on the website www.hackingmobilephoness.com between port 1 and 200?
3-5 ports

Usually when you port scan your home computer, you will find that some part are open ? why?
The application running on your system are using there open ports

While trying to change the signature of a Trojan you ended increasing few bytes in the hex file. What will be the result?
The Trojan file will  crash altogether

If you create a data packet with a TTL value of 1 and send it to your friend’s computer what will happen to the data packet
There will be an error message and the data packet will be discarded

What Is the advantage of using ping sweeping as compared to the regular ping utility?
Ping sweeping is faster and can be used to a large number of systems

What class does the IP Address 198.54.11.0 belong to?
Class c

In what step or command of email forging do you need to include any file attachments?
DATA

What is the octal version of the IP address 198.54.11.15?
0306.066.013.017

Which of the following is a strong password password yet to remember ?
A.n.k.i.t25

If you traceroute a particular IP address on the Internet multiple times, do you always see the same results?
No

What is the exact street address (physical address) of the system 203.94.11.12? you should use web based tools to answer this question
Cant say

Using Information Gathering techniques determine the wed hosting company of the DBS Bank of Singapore website(www.dbs.com.sg)
Pacific Net

What are phishing attacks?
The art of sending a fake login screen to the victim

Why do you think array bound checking on input is an important aspect of secure programming?
Protects against integer overflows

If the intial sequence number of a system is 1000, what will it become after 10 FIN Packets, 10 SYN Packets, 10 SYN/ACK Packets, 10FIN/ACK Packets, 10 Second and 1234 ack Packets?
129040

What do you need to do to ensure that an Antivirus tool does not detectect the presence of a trojan on the victim’s computer
Modify the signature of the Trojan to avoid detection

Imagine that all Instant messenger traffic has been blocked on your office or college network. How can you access your Instant messanger and chat with your colleagues?
www.meebos.com

which operating system has a TTL value of 128, DF set to YES, TOS = 0 and a window size of 7000?
Windows NT

Which social enginnering thecique is most likely to work against a senior male executive working in a bank?
Smooth talking

What kind of honeypot would you recommended a university should use?
High involved honeypot

Data is alwys broken down into smaller fragments at the sender’s end. What will happen if you send the first fragment and third fragment o the some data target system without sending the second fragment
ICMP fragment reassembly time exxeced error message

The tcp connect port scan is often reffered to as the most reliable technique of port scanning why?
It cannot  be blocked without affecting normal traffic

What makes the Stacheldraht attack tools so difficult to counter ?
It uses single key encryption
It communicate using ICMP
It’s default port number can be changed
It uses a very large number of simultaneous attackers

What are the steps followed by a system A when it wants to establish a new connection with a remote computer B?
A sends SYS packet to B. B sends back SYN/ACK. A replies with ack

How can you detect SQL Injuction Loopheles on the internet?
Manual trial and error

SQL Injuction Scanner
Google hacking
GIF lan quard

Which vulnerability I sthe following programming code vulnerable against?(printf(“&d”, input_decimal);)
Format string overflow

Can you name a major vulnerability that exist on the website http://www.iscr.org?
SQL injection

What is the difference between active and passive fingerprinting?
Active is not anonymous, passive is anonymous

Determine the web server running on the website www.hacking mobilephones.com (you may use the daemon banner grabbing technique)
Apache

What would recommend to somebody who want to protect their identity on the internet ?
User a proxy server

Try to use a Russian proxy server
Try to perform proxy bouncing
Try to keep changing the proxy server oyou using

What is HTtp tunneling ?
Working with any protocol transmiting it through HTTP
 

If you port scan oyour own computer and detect port 456 as open, what does it mean?
Any modified Trojan could be installed on oyur computer

Why are dial  up net connection usually consider to be more secure then broad nband net connection
Most dial up connection provide a dynamic ip address

What is good countermeasure against land attack
Patch your operating system

I am going to writ a tool which allows user to search for ankit certified ethical hackers in ind. This tool will allows user to enter eny rank of their choice (1-400) & the respective cource participants name will shows up on the screen. For exp. If the user input the number 2, then the name of the cource participate who stood 2nd in the exam will be display on the output. Mention any one posiblities loopholes in the bellow application working outline:
1-all afceh cource participant info. Is stored in array AFCEH[400].

2-USERis asked to input a rank

3-the name of the cource participant who hold the input rank is display as output

4-program exits.


=out of bond intager buffer overflows


what makes google hacking possible?

=google has bougt right to scan any sys on the internate


Are TCP SYN  port scans stelth?

=yes


what do you need to do to carry out sympathy based social engineeiring?

=pretend to be in trouble


how does the FTP bounce port scan techique work?


=port 21


which os has a TTL value of 128, DF set to yes, tos=0 and a windows size of 20000?

=win NT

the initial sequence no. of a sys is 12345689. what will it become after 127 secound 1000 connection and 1 reboot?


=12345689


why are distributed dos attack so very powerfull and efficient?

=1-it is a new attack technique and does not have any countermasure.

 2-it use a very large nu of attacker and generat a hifh amount of traffic.

3- it is verry difficult to trace the attacker.

4-one of the above.

5-all of the above.

When you try to use a web based proxy server like www.anonymizer.com to log into your hotmail email accont then how come you are able to log in?
=since hotmail cannot set coockis on your system.


What loopholes does the following code exploit?

http://www.victim.com/login.asp?no=40 UNION SELECT TOP 1 TABLE_NAME FROME INFORMATION_SCHEMA.TABLES-


=SQL injection

In the os fingerprinting technique of using ping and tracerout, what is the mathametical calculation that one needs to perform?

=final TTL Value + number of hops-1


what loopholes does the following code exploit?
hello=c:\con\con


=window cant handle the con reference

what is the MD5 hash fingerprint value of the text Ankit?

=b85991f378b78df6b 1eoff82da56f572

what defoult service usuallu runs on port 79?

=finger

what is the differnce between a shadowed password meance file and an unshadowed password file?

=shadowed meance replaced with a token unshadowed meance unencrypted.

Assume that sys X sends a NACK data packet to system Y.what does the packet meanc?

=it meance that X wants to end the connection with Y.


what defoult service usually runs on port 69?

=TFTP

what is the bese 64 encoded value  of the text HELLO ankit?

=SGVsbG8gQW5raXQ


imagine u want t connect to port 25 of the target computer. However,there is a firwall which blockes u connection request port 25 & allow u to connect to only port80,port21. what will u do? How can u acces port 25 of the target computer?

=firwall tunneling& port redirecton

convert the following text V2VsbCBEb25IliBFdGhpY2FsIEhhY2tlci4=into its plaintext?

=welldone .ethical hacker.

Assume that there are three systems Attacker,target and spoof imagine that the Attacker is performing ip spoofing on the system target by spoofing his ip address to spoof. What would happen if the system spoof is not Dos attacked?
=spoof will send back a NACK or error message and prevent the successful execution o ip spoofing.


how does smashguard counter buffer overflows?

=it allow the application to store the return address of the program contoler flow.

you discover that your system has a modife version of the prosiak Trojan installed on it. Which is the first countermesure you will take?
=block acess to port 22222 with a firwall

block acess to port 222222 with a firwall
= install an antivirus tool.

Port scan ur computer.Usually when u port scan ur home pc ,u will find that some port are open why?
=The application running on your system are using this open ports

imagine u r a terrorist. U wish to secure and securely trancfer a file frome ur system in India to ur colleague system in Indonesia. Describe sn innovative secure transmission technique that u will use. U may combine more than one single technique as well.
=steganography


which vulnerability does the phishing technique rely on ?
=the user

which operating system has a ttl value of 128, df set to yes, tos = 0 and a window size of 7000?

= windows NT

how can you detect whether an image any hidden data?
=steganografy.

 if the domain name of a system is www.domain.hu then what do you know about its location ? where is it located?
=can't say

If you want creat avirus that spreads by infecting user that visit your website, which programming language should you use.
=scripting languages.

describe the best technic to bypass the windows screensaver password BFFORF the screensaver has been loded displayed on the screen.
=Editing the screensaver file in an editor.

 What does the search expression “-vulnerability windows” search for?
=Returns results with vulnerability and also windows.

name a non hash algorithm?
=DES

Which of the following attacks will pass through a network layer intrusion detection system undetected?
=A test-cgi-attack

 Buffer overflows is an examples of_________?
=Implementation

What is the art of using mathematics or logical algorithms to carry out encryption and decryption of data called?
=Cryptography

What is the advantage of using CODEEN instead of www.samair.ru/proxy?
= CODEEN tells you the status of the various proxy servers.


what loophole does code contains var content=clipboarddata.get('Text')
reads data that has been cut and copy


   7. What are the two classifications of Symmetric cryptography?



    * Stream and Block ciphers



   8. if you want to track changes to files on Linux based file server, which one of the following should be used?



    * System integrity Verifier(SIV)



   9. The external gateway interface of an IDS system is receiving a large number of ICMP Echo Reply packets which are not responses from the internal host’s requests. What could be the most likely cause?



    * The IDSIP address was spoofed while doing a Smurf attack.



  10. which of these operates can be used to locate files of a specifies type using Google?



    * A and C



  11. which is the fastest and easiest technique to bring down a network?



    * dDOS attacks



  12. Hash functions are also popularly known as:



    * Message digests



  13. Which is the best countermeasure against keyloggers ?



    * Key Scamblers



  14. Where does the shadowed group password information get stored on Linux system?



    * /etc/gshadow file



  15. What will be the decrypted password if the encrypted screen saver password is 09 2f 35 22 53?



    * AFCEH



  16. How many keys are used in secret key cryptography(SKC)?



    * One



  17. What is the base 64 Encoded version of the text cryptorzz?



    * Y3J5cHRvenp5==



  18. Which technique allows you to decipher encrypted data without knowing the keys?



    * Cryptanalaysis



  19. Name a tool that is commonly used to implement the AES algorithm.



    * BT AES File Encrypt



  20. Which of these algorithms are prone to timing attack?



    * SHA-1



  21. Rule- based detection is also known as:



    * option 1,2and 3







What is the key length in DES and 3DES?

56bit



Name a tool that automatically encrypts or decrypts data (without any user intervetion)

True crypt





In which of the following ways, can google be used to provide anonymity while surfing?

a)using google’s cached pages

c)using google language tools



what does the ‘inanchor:’ operator search for when used in a google search?

Search for text in link anchors



What is the primary advantage a hacker gains by using encryption?

IDS system are unable to decrypt it





What happens when one experienene a ping of death?

This  when an ip datagram is received with the “protocol field in the IP header set to 1(ICMP), the last fragment bit is set and (ip offset * 8)+(ip data length) > 65535





Which query would allow you to search for files of types PDF that have gov in the URL

Filetype:pdf Inurl:gov





Select the best query for the following requeirements

a)the page title should have the word admin or login

b)the url should have the word cgi or php or asp

c)should search only with in xyz.com

d)should have username as text present in the page.

Intitle:admin|login inurl:cgi|php|asp site:xyz.com username



Which of the following can be consider appropriate action session hijacking

Configure the appropriate spoof rules on gateways(inert and external)





With the help of google carry out of the following calculation and select the correct answer(or the one closest in value in cae of doubts)

“Twenty fifth root of log104856 multiplied by the speed of light”

315852435 m/s

1 If port 110 of the target computer is open, what do you know about the type of daemon running on it.



    * it is SMTP daemon.



2. Decrypt the following text:Jgji ppdpgddmt



    * kill president



         

3. which is the first technique that you would try when you wish to find out the victim’s email accoount password?



    * Password Guessing





4.if port 79 of the target computer is open, does it always mean that it has a Fingar daemon Running?



    * NO



5.what is Name an example of?



    * port Scanner



6. What is the Squid an example of?



    * proxy server



7.What does a reverse dns lookup do?



    * coverts an ip Address into dns.



8. why is all communication carried out using MSN Messengar not Safe?



    * they do not use encryption of data.



9. which tool you use to determine the os the target computer?



    * Namp



10. decrypt the following text. Cpnc qbsmjbnfou



    * Bomb parliament



11. why is wingate so popular?



    * it protects your identity.



12. which is a better password? Rendezvous or door123?



    * door123



13.why Should you carefully destroy your Monthly mobile phone bill or telephone bill?



    * identity Theft



14. which out the following is most likely to be vulnerable to SQL Injection Attacks?



    * A shopping Cart.



15. which tool would you use to trace the sender of an email?



    * visual route.



16.if port 25 of the target computer is open, What do  you know about the type of daemon running on it?



    * can’t say.



17.if port 79 of the target computer is open, What do you know about the type of daemon running on it?



    * cant’s say.



18. why is all communication carried out using skype safe?



    * they use Encryption of data.



19. which of the following places are likely to have any avidence against the attacker?



    * all of the above.



20.tf port 8o the target computer is open, what do you know about the type of daemon running on it?



    * cant’s say



21. decrypt the following text: Gdjim wmpjd



    * Hello World

22. which tool would you use to diagnose a network error?



    * ping



23. encrypt the following: dhoom



    * 3446666666



24. what would permanently solve the problem of distribute Dos attacks?



    * infinite Bandwidth to all.



25. what does a DNS Lookup do?



    * Converts a DNS into IP address.



26.  what does the “fake login screen” rely on ?



    * lack of awareness of user



27.  The TCPDUMP tool is a great of a tool that allows you to do what ?



    * Sniffing of data

28. Why is it advisable to never  use a public to bank or shop online?



    * Sniffing



29. The NEOTRACE tool is a great example of a tool that allows you to do what?



    * Trace an IP address geographically.



30.  The SUB7 tool is great example of a tool that allows you to do what?



    * Trojan Attacks.



31. Decrypt the following:344666666



    * Dhoom



32. Why does Microsoft windows crash whenever you try to create a “con” file?



    * Cant handle such a filename









33. Which tool would you use to port scan the target computer?





    * Nmap



34. What is black ICE an example of ?



    * Firewall



35. which port would you connect to in order to download your emails manually?



    * port110



36. What is preventing you from being able to successfully send forged emails from smtp-roam.stanford.edu?



    * Mail Daemon has disabled mail relaying



37. Why should your password be a combination of alphabets, numbers and special characters?



    * To prevent Brute Force



38. Which of the following places are NOT likely to have any evidence against the attacker?



    * Solitaire



39. Why should you not give your bank account password eveeive a phone call from a bank employee?



    * Social Engineering



40. What is the correct sequence of commands when you are sending a forged email?



    * EHLO, MAIL, RCPT, DATA



41. Can the port number used by a particular daemon be changed?



    * yes



42. Which is a better password? Door123 or DoOR123?



    * DoOR123





43. The SNOW tool is a great example of a tool that allows you to do what?



    * Embedding



44. What kind of data hiding or encryption or embedding technique has been used in the following text:



    * Text steganography



45. Why do most banks ask customers to not reveal their bank account passwords to even employees from the bank?



    * To prevent phishing attacks



46. While performing computer forensics, what would happen if you took a backup of a hard disk instead of making an image copy?



    * Evidence may be overlooked.



47. What would you do first? ICMP Scanning or Port Scanning?



    * Doesn’t Matter



48. If Port 21 of the target computer is open, does it always mean that it has a FTP daemon running?



    * NO.



49.What are sockets?



    * Sockets are needed to establish a proper channel of communication.